Instiki 0.17.2: Security Release

This release upgrades Instiki to Rails 2.3.4, which patches two security holes in Rails. See http://weblog.rubyonrails.org/2009/9/4/ruby-on-rails-2-3-4 There are also some new features, and the usual boatload of bugfixes. See the CHANGELOG for details.
2009-09-05 02:01:46 -05:00 · 2009-09-05 02:01:46 -05:00 · 4bdf703ab2
commit 4bdf703ab2
parent 34c4306867
211 changed files with 3959 additions and 1325 deletions
--- a/vendor/rails/actionpack/lib/action_controller/reloader.rb
+++ b/vendor/rails/actionpack/lib/action_controller/reloader.rb
@ -1,14 +1,21 @@
+require 'thread'
+
 module ActionController
  class Reloader
+    @@default_lock = Mutex.new
+    cattr_accessor :default_lock
+
    class BodyWrapper
-      def initialize(body)
+      def initialize(body, lock)
        @body = body
+        @lock = lock
      end

      def close
        @body.close if @body.respond_to?(:close)
      ensure
        Dispatcher.cleanup_application
+        @lock.unlock
      end

      def method_missing(*args, &block)
@ -20,26 +27,28 @@ module ActionController
      end
    end

-    def initialize(app)
-      @app = app
-    end
-
-    def call(env)
-      Dispatcher.reload_application
-      status, headers, body = @app.call(env)
-      # We do not want to call 'cleanup_application' in an ensure block
-      # because the returned Rack response body may lazily generate its data. This
-      # is for example the case if one calls
-      #
-      #   render :text => lambda { ... code here which refers to application models ... }
-      #
-      # in an ActionController.
-      #
-      # Instead, we will want to cleanup the application code after the request is
-      # completely finished. So we wrap the body in a BodyWrapper class so that
-      # when the Rack handler calls #close during the end of the request, we get to
-      # run our cleanup code.
-      [status, headers, BodyWrapper.new(body)]
+    def self.run(lock = @@default_lock)
+      lock.lock
+      begin
+        Dispatcher.reload_application
+        status, headers, body = yield
+        # We do not want to call 'cleanup_application' in an ensure block
+        # because the returned Rack response body may lazily generate its data. This
+        # is for example the case if one calls
+        #
+        #   render :text => lambda { ... code here which refers to application models ... }
+        #
+        # in an ActionController.
+        #
+        # Instead, we will want to cleanup the application code after the request is
+        # completely finished. So we wrap the body in a BodyWrapper class so that
+        # when the Rack handler calls #close during the end of the request, we get to
+        # run our cleanup code.
+        [status, headers, BodyWrapper.new(body, lock)]
+      rescue Exception
+        lock.unlock
+        raise
+      end
    end
  end
 end